Hands-on Hacking [Video]

By: ACI Learning, Daniel Lowrie

Overview of this book

The course begins by laying the groundwork with breach scanning and enumeration, guiding learners through identifying vulnerabilities in network systems and web applications. It covers techniques such as Web App Enumeration, HTTPS analysis with Wireshark and Burp Suite, and POP3 Enumeration, setting the stage for deeper exploration into cybersecurity defenses. The course focuses on practical application, moving from theoretical concepts to real-world hacking techniques. Learners will navigate through gaining access, exploiting systems, and executing privilege escalations both horizontally and vertically. Scenarios involving systems like GoldenEye, Bob, and Straylight offer hands-on experience, emphasizing the attacker's perspective to fortify defense mechanisms. The course wraps up with advanced topics in exploit development and real-world applications, challenging learners to apply their knowledge in complex environments. From scanning and enumeration to gaining access and privilege escalation, learners will develop a solid foundation in hacking techniques and cybersecurity defense. This course not only equips technical professionals with essential skills but also empowers them to think like a hacker, a vital perspective in today's digital world.
Table of Contents (8 chapters)
Chapter 6
WinterMute
Section 3
Straylight Gaining Access
We've discovered that one of Straylight's web apps contains a Local File Inclusion (LFI) vulnerability. Now we need to figure out how to exploit it to gain a reverse shell. In this episode, you will leverage your ability to read the mail server log files, chained together with remote access to Straylight's SMTP server, to inject PHP code that will then be executed by the web server, resulting in shell access.